/// <summary>
/// Checks the supplied Basic-auth credentials against Windows with LogonUser and wraps the
/// resulting token in a <see cref="WindowsPrincipal"/>.
/// </summary>
/// <param name="context">Sign-in context that carries the user name and password to verify.</param>
/// <returns>
/// The Windows principal of the account, or <c>null</c> when the user name cannot be parsed or
/// the logon is refused. Only members of <c>_options.AllowedGroup</c> get the extra claims
/// identity; an account outside the group is still returned, just without those claims.
/// </returns>
private ClaimsPrincipal SignInUsingLogon(BasicSignInContext context) {
    var userName = new StringBuilder(NativeMethods.CREDUI_MAX_USERNAME_LENGTH + 1);
    // NOTE(review): the domain buffer is sized with the password-length constant; confirm it is
    // large enough for the domain names this service must accept.
    var domainName = new StringBuilder(NativeMethods.CREDUI_MAX_PASSWORD_LENGTH + 1);

    // Split "DOMAIN\user" / "user@domain" into its parts; a non-zero status means it did not parse.
    var parseStatus = NativeMethods.CredUIParseUserName(
        context.Username, userName, userName.Capacity, domainName, domainName.Capacity);
    if (parseStatus != 0) {
        return null;
    }

    IntPtr token;
    bool loggedOn = NativeMethods.LogonUser(
        userName.ToString(),
        domainName.ToString(),
        context.Password,
        NativeMethods.LOGON32_LOGON_NETWORK,
        NativeMethods.LOGON32_PROVIDER_DEFAULT,
        out token);
    if (!loggedOn) {
        return null;
    }

    // NOTE(review): WindowsIdentity(IntPtr) works on its own duplicate of the token, so the handle
    // returned by LogonUser still has to be closed; no close is visible in this method.
    var windowsPrincipal = new WindowsPrincipal(new WindowsIdentity(token));

    // Callers must check for the claims below: a non-member is returned as a valid principal too.
    if (!windowsPrincipal.IsInRole(_options.AllowedGroup)) {
        return windowsPrincipal;
    }

    var grantedClaims = new[] {
        //new Claim(ClaimTypes.Name, context.Username),
        new Claim(Claims.RUser, ""),
        // TODO: figure out how to avoid keeping raw credentials around.
        // NOTE(review): the clear-text password travels with the principal; if the principal is
        // serialized into a ticket or written to a log, the password goes with it.
        new Claim(Claims.Password, context.Password),
    };
    windowsPrincipal.AddIdentity(new ClaimsIdentity(grantedClaims, context.Options.AuthenticationScheme));
    return windowsPrincipal;
}
/// <summary>
/// Tells whether the current request has to authenticate, judged by its request path.
/// </summary>
/// <param name="context">Sign-in context whose HTTP request path is looked up.</param>
/// <returns>
/// <c>false</c> when <c>_skipSignInPaths</c> contains the request path; <c>true</c> otherwise.
/// </returns>
public static bool IsSignInRequired(this BasicSignInContext context) {
    // NOTE(review): how the match is made (exact entry, case, trailing slash, encoding) depends on
    // the type and comparer of _skipSignInPaths, which is declared outside this method. Paths that
    // return false here are presumably served without credentials, so keep that list minimal.
    var requestPath = context.HttpContext.Request.Path.ToString();
    return !_skipSignInPaths.Contains(requestPath);
}
/// <summary>
/// Sign-in callback: sets <c>context.Principal</c> when the supplied password matches.
/// </summary>
/// <param name="context">Sign-in context with the user name, password and scheme.</param>
/// <returns>An already-completed task; the work is done synchronously.</returns>
private Task OnSignIn(BasicSignInContext context) {
    // NOTE(review): the only check is the password against the literal "admin"; the user name is
    // not verified at all and becomes the principal's name as supplied. This is a hard-coded
    // credential fit for a demo only; replace it with a real credential check before deployment.
    if (context.Password != "admin") {
        return Task.CompletedTask;
    }

    var nameClaim = new Claim(ClaimsIdentity.DefaultNameClaimType, context.UserName);
    var signedInIdentity = new ClaimsIdentity(new[] { nameClaim }, context.Scheme.Name);
    context.Principal = new ClaimsPrincipal(signedInIdentity);
    return Task.CompletedTask;
}
/// <summary>
/// Authenticates the request and, on success, attaches an authentication ticket to the context.
/// </summary>
/// <param name="context">Sign-in context that receives the ticket.</param>
/// <returns>A task that completes once the response has been marked as handled.</returns>
public async Task SignInAsync(BasicSignInContext context) {
    ClaimsPrincipal authenticated;
    if (_options.Secret == null) {
        authenticated = await SignInUsingLogonAsync(context);
    } else {
        // A configured shared secret takes precedence over the Windows logon path.
        authenticated = SignInUsingSecret(context);
    }

    // A null principal means the credentials were rejected: no ticket is issued.
    if (authenticated != null) {
        context.Ticket = new AuthenticationTicket(
            authenticated,
            new AuthenticationProperties(),
            context.Options.AuthenticationScheme);
    }

    // Called on both outcomes, so the context is marked handled even when no ticket was set.
    context.HandleResponse();
}
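/// <summary>
/// Sign-in callback: compares the supplied credentials with the <c>ReportUser</c> and
/// <c>ReportPW</c> environment variables and, on a match, sets <c>context.Principal</c> to an
/// identity carrying the user name and the role <c>All</c>.
/// </summary>
/// <param name="context">Sign-in context with the user name, password and scheme.</param>
/// <returns>An already-completed task; the work is done synchronously.</returns>
private Task OnSignIn(BasicSignInContext context) {
    string expectedUser = Environment.GetEnvironmentVariable("ReportUser");
    string expectedPassword = Environment.GetEnvironmentVariable("ReportPW");

    // Fail closed: if either variable is unset or empty there is no credential to check against,
    // and comparing with null/empty would let a request with missing credentials match.
    if (string.IsNullOrEmpty(expectedUser) || string.IsNullOrEmpty(expectedPassword)) {
        return Task.CompletedTask;
    }

    // NOTE(review): == on strings is not a constant-time comparison; use a fixed-time comparison
    // for the password if the target framework offers one.
    bool credentialsMatch = context.Password == expectedPassword && context.UserName == expectedUser;
    if (credentialsMatch) {
        var claims = new[] { new Claim(ClaimsIdentity.DefaultNameClaimType, context.UserName) };
        var identity = new ClaimsIdentity(claims, context.Scheme.Name);
        identity.AddClaim(new Claim(ClaimsIdentity.DefaultRoleClaimType, "All")); // Role = All
        context.Principal = new ClaimsPrincipal(identity);
    }

    return Task.CompletedTask;
}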
/// <summary>
/// Sets <c>context.Principal</c>: an anonymous principal for paths that skip sign-in, otherwise
/// the result of the shared-secret check or of the authentication service.
/// </summary>
/// <param name="context">Sign-in context that receives the principal.</param>
/// <returns>A task that completes when the principal has been assigned.</returns>
public async Task SignInAsync(BasicSignInContext context) {
    if (!context.IsSignInRequired()) {
        // NOTE(review): this identity is built with an authentication type, so (assuming the
        // scheme name is non-empty) IsAuthenticated is true for it. Authorization must look at the
        // claims (Anonymous present, RUser absent) rather than at IsAuthenticated alone.
        var anonymousClaim = new Claim(ClaimTypes.Anonymous, "");
        var anonymousIdentity = new ClaimsIdentity(new[] { anonymousClaim }, context.Scheme.Name);
        context.Principal = new ClaimsPrincipal(anonymousIdentity);
        return;
    }

    if (_options.Secret != null) {
        // A configured shared secret takes precedence over the authentication service.
        context.Principal = SignInUsingSecret(context);
    } else {
        context.Principal = await _authenticationService.SignInAsync(
            context.Username, context.Password, context.Scheme.Name);
    }
}
/// <summary>
/// Authenticates by comparing the supplied password with the configured shared secret.
/// </summary>
/// <param name="context">Sign-in context with the user name and password.</param>
/// <returns>
/// A principal named after the supplied user name when the password equals
/// <c>_options.Secret</c>; otherwise <c>null</c>.
/// </returns>
private ClaimsPrincipal SignInUsingSecret(BasicSignInContext context) {
    // NOTE(review): this is an ordinary comparison, not a constant-time one; use a fixed-time
    // comparison for the secret if the target framework offers one.
    bool secretMatches = _options.Secret == context.Password;
    if (!secretMatches) {
        return null;
    }

    // The user name is not verified in this mode: whoever knows the secret chooses the Name claim.
    var nameClaim = new Claim(ClaimTypes.Name, context.Username);
    var rUserClaim = new Claim(Claims.RUser, "");
    var secretIdentity = new ClaimsIdentity(
        new[] { nameClaim, rUserClaim },
        context.Options.AuthenticationScheme);
    return new ClaimsPrincipal(secretIdentity);
}
/// <summary>
/// Checks the supplied credentials against Windows with LogonUser, makes sure a user profile
/// exists for the account, and wraps the token in a <see cref="WindowsPrincipal"/>.
/// </summary>
/// <param name="context">Sign-in context that carries the user name and password to verify.</param>
/// <returns>
/// The Windows principal of the account, or <c>null</c> when the user name cannot be parsed, the
/// logon is refused, or profile creation fails with anything other than "already exists". Only
/// members of <c>_options.AllowedGroup</c> get the extra claims identity.
/// </returns>
private ClaimsPrincipal SignInUsingLogon(BasicSignInContext context) {
    const uint ProfileAlreadyExists = 0x800700b7;

    var userName = new StringBuilder(NativeMethods.CREDUI_MAX_USERNAME_LENGTH + 1);
    // NOTE(review): the domain buffer is sized with the password-length constant; confirm it is
    // large enough for the domain names this service must accept.
    var domainName = new StringBuilder(NativeMethods.CREDUI_MAX_PASSWORD_LENGTH + 1);

    var parseStatus = NativeMethods.CredUIParseUserName(
        context.Username, userName, userName.Capacity, domainName, domainName.Capacity);
    if (parseStatus != 0) {
        return null;
    }

    IntPtr token;
    bool loggedOn = NativeMethods.LogonUser(
        userName.ToString(),
        domainName.ToString(),
        context.Password,
        (int)LogonType.LOGON32_LOGON_NETWORK,
        (int)LogonProvider.LOGON32_PROVIDER_DEFAULT,
        out token);
    if (!loggedOn) {
        return null;
    }

    // NOTE(review): WindowsIdentity(IntPtr) works on its own duplicate of the token, so the handle
    // returned by LogonUser still has to be closed; no close is visible in this method.
    WindowsIdentity winIdentity = new WindowsIdentity(token);

    // NOTE(review): the profile is created before the group check below, i.e. for every account
    // that can log on, including accounts that are not in AllowedGroup.
    var profileDir = new StringBuilder(NativeMethods.MAX_PATH);
    uint profileDirSize = (uint)profileDir.Capacity;
    uint createStatus = NativeMethods.CreateProfile(
        winIdentity.User.Value, userName.ToString(), profileDir, profileDirSize);
    if (createStatus != 0 && createStatus != ProfileAlreadyExists) {
        return null;
    }

    var windowsPrincipal = new WindowsPrincipal(winIdentity);

    // Callers must check for the claims below: a non-member is returned as a valid principal too.
    if (!windowsPrincipal.IsInRole(_options.AllowedGroup)) {
        return windowsPrincipal;
    }

    var grantedClaims = new[] {
        //new Claim(ClaimTypes.Name, context.Username),
        new Claim(Claims.RUser, ""),
        // TODO: figure out how to avoid keeping raw credentials around.
        // NOTE(review): the clear-text password travels with the principal; if the principal is
        // serialized into a ticket or written to a log, the password goes with it.
        new Claim(Claims.Password, context.Password),
    };
    windowsPrincipal.AddIdentity(new ClaimsIdentity(grantedClaims, context.Options.AuthenticationScheme));
    return windowsPrincipal;
}
/// <summary>
/// Authenticates the request (or builds an anonymous principal for paths that skip sign-in) and,
/// when a principal results, attaches an authentication ticket to the context.
/// </summary>
/// <param name="context">Sign-in context that receives the ticket.</param>
/// <returns>A task that completes once the response has been marked as handled.</returns>
public async Task SignInAsync(BasicSignInContext context) {
    string scheme = context.Options.AuthenticationScheme;
    ClaimsPrincipal principal;

    if (!context.IsSignInRequired()) {
        // NOTE(review): this identity is built with an authentication type, so (assuming the
        // scheme name is non-empty) IsAuthenticated is true for it and it receives a ticket below.
        // Authorization must look at the claims rather than at IsAuthenticated alone.
        var anonymousClaim = new Claim(ClaimTypes.Anonymous, "");
        principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { anonymousClaim }, scheme));
    } else if (_options.Secret != null) {
        // A configured shared secret takes precedence over the authentication service.
        principal = SignInUsingSecret(context);
    } else {
        principal = await _authenticationService.SignInAsync(context.Username, context.Password, scheme);
    }

    // A null principal means the credentials were rejected: no ticket is issued.
    if (principal != null) {
        context.Ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), scheme);
    }

    // Called on both outcomes, so the context is marked handled even when no ticket was set.
    context.HandleResponse();
}
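/// <summary>
/// Checks the supplied credentials against Windows with LogonUser, resolves (or has the profile
/// service create) the account's profile directory, and wraps the token in a
/// <see cref="WindowsPrincipal"/>.
/// </summary>
/// <param name="context">Sign-in context that carries the user name and password to verify.</param>
/// <returns>
/// The Windows principal of the account, or <c>null</c> when the user name cannot be parsed, the
/// logon is refused, or profile creation fails. Only members of <c>_options.AllowedGroup</c> get
/// the extra claims identity (RUser and the profile directory); an account outside the group is
/// still returned, just without those claims.
/// </returns>
private async Task <ClaimsPrincipal> SignInUsingLogonAsync(BasicSignInContext context) {
    var user = new StringBuilder(NativeMethods.CREDUI_MAX_USERNAME_LENGTH + 1);
    var domain = new StringBuilder(NativeMethods.CREDUI_MAX_DOMAIN_LENGTH + 1);

    // NOTE(review): context.Username is client-supplied and is written to the log throughout this
    // method; confirm the logging sink neutralises control characters.
    uint error = NativeMethods.CredUIParseUserName(context.Username, user, user.Capacity, domain, domain.Capacity);
    if (error != 0) {
        _logger.LogError(Resources.Error_UserNameParse, context.Username, error.ToString("X"));
        return null;
    }

    IntPtr token;
    string profilePath = string.Empty;

    _logger.LogTrace(Resources.Trace_LogOnUserBegin, context.Username);
    if (!NativeMethods.LogonUser(user.ToString(), domain.ToString(), context.Password, (int)LogonType.LOGON32_LOGON_NETWORK, (int)LogonProvider.LOGON32_PROVIDER_DEFAULT, out token)) {
        _logger.LogError(Resources.Error_LogOnFailed, context.Username, Marshal.GetLastWin32Error().ToString("X"));
        return null;
    }

    _logger.LogTrace(Resources.Trace_LogOnSuccess, context.Username);

    // NOTE(review): WindowsIdentity(IntPtr) works on its own duplicate of the token, so the handle
    // returned by LogonUser still has to be closed; no close is visible in this method.
    WindowsIdentity winIdentity = new WindowsIdentity(token);

    StringBuilder profileDir = new StringBuilder(NativeMethods.MAX_PATH * 2);
    uint size = (uint)profileDir.Capacity;
    if (NativeMethods.GetUserProfileDirectory(token, profileDir, ref size)) {
        profilePath = profileDir.ToString();
        _logger.LogTrace(Resources.Trace_UserProfileDirectory, context.Username, profilePath);
    } else {
        // No profile directory yet: ask the profile service to create one, with a bounded wait.
        // NOTE(review): this happens before the group check below, i.e. for every account that
        // can log on, including accounts that are not in AllowedGroup.
#if DEBUG
        TimeSpan timeout = TimeSpan.FromMinutes(10);
#else
        TimeSpan timeout = TimeSpan.FromSeconds(10);
#endif
        // Dispose the source so its timer is released once the call has finished.
        using (var cts = new CancellationTokenSource(timeout)) {
            _logger.LogTrace(Resources.Trace_UserProfileCreation, context.Username);
            var result = await _userProfileManager.CreateProfileAsync(new RUserProfileServiceRequest(user.ToString(), domain.ToString(), winIdentity.User.Value), cts.Token);
            if (result.IsInvalidResponse()) {
                _logger.LogError(Resources.Error_ProfileCreationFailedInvalidResponse, context.Username, Resources.Info_UserProfileServiceName);
                return null;
            }

            error = result.Error;
            // 0x800700b7 - Profile already exists.
            if (error != 0 && error != 0x800700b7) {
                _logger.LogError(Resources.Error_ProfileCreationFailed, context.Username, error.ToString("X"));
                return null;
            } else if (error == 0x800700b7 || result.ProfileExists) {
                _logger.LogInformation(Resources.Info_ProfileAlreadyExists, context.Username);
            } else {
                _logger.LogInformation(Resources.Info_ProfileCreated, context.Username);
            }

            if (!string.IsNullOrEmpty(result.ProfilePath)) {
                profilePath = result.ProfilePath;
                _logger.LogTrace(Resources.Trace_UserProfileDirectory, context.Username, profilePath);
            } else {
                // The failed call above may have overwritten size through the ref parameter;
                // restore it so the retry is told the real capacity of the buffer.
                size = (uint)profileDir.Capacity;
                if (NativeMethods.GetUserProfileDirectory(token, profileDir, ref size)) {
                    profilePath = profileDir.ToString();
                    _logger.LogTrace(Resources.Trace_UserProfileDirectory, context.Username, profilePath);
                } else {
                    // Not fatal: sign-in continues with an empty profile path.
                    _logger.LogError(Resources.Error_GetUserProfileDirectory, context.Username, Marshal.GetLastWin32Error().ToString("X"));
                }
            }
        }
    }

    var principal = new WindowsPrincipal(winIdentity);

    // Callers must check for the claims below: a non-member is returned as a valid principal too.
    if (principal.IsInRole(_options.AllowedGroup)) {
        var claims = new[] {
            //new Claim(ClaimTypes.Name, context.Username),
            new Claim(Claims.RUser, ""),
            new Claim(Claims.RUserProfileDir, profilePath)
        };
        var claimsIdentity = new ClaimsIdentity(claims, context.Options.AuthenticationScheme);
        principal.AddIdentities(new[] { claimsIdentity });
    }

    return principal;
}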